
List:       openembedded-core
Subject:    [OE-core][dunfell][PATCH] sqlite3: ignore CVE-2024-0232
From:       "Peter Marko via lists.openembedded.org" <peter.marko=siemens.com () lists ! openembe
Date:       2024-01-28 16:53:58
Message-ID: 20240128165358.657852-1-peter.marko () siemens ! com

From: Peter Marko <peter.marko@siemens.com>

This CVE reports a bug which was fixed in 3.43.2 by [1].
Code analysis shows that it is fixing a caching issue
and this cache was introduced by [2].
This landed only in 3.43.0 so 3.85.5 is not affected.

[1] https://sqlite.org/src/info/5b09212ac05615fc
[2] https://sqlite.org/src/info/2dbb22c75e86f2e3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb \
b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index ef12ef0db2..b2d8f9f1dd 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -25,3 +25,5 @@ SRC_URI[sha256sum] = \
"62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b5  CVE_CHECK_WHITELIST += \
"CVE-2019-19242"  # This is believed to be iOS specific \
(https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)  CVE_CHECK_WHITELIST += \
"CVE-2015-3717" +# This was introduced in 3.43.0, 3.31.1 is not yet affected
+CVE_CHECK_WHITELIST += "CVE-2024-0232"
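Review bot: the comment above the added CVE_CHECK_WHITELIST line states that the bug "was introduced in 3.43.0" but gives no reference, unlike the existing CVE-2019-19242 entry in the same file, which carries its supporting URL in the comment. Suggest putting the upstream check-in that introduced the cache (link [2] from the commit message, https://sqlite.org/src/info/2dbb22c75e86f2e3) into the recipe comment so that anyone auditing the whitelist can verify the justification without digging through git history. Separately, the commit message says "3.85.5 is not affected" while the recipe is sqlite3_3.31.1.bb and the added comment says 3.31.1; the message should be corrected to match before this is merged, since the whitelist rationale rests on the version comparison.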
-- 
2.30.2


